Some important points to know:

  • The Api credentials always belong to a user.
  • If you don’t pass a user you will get the user object this user. So watch out to always set the user correctly.
  • All non public requests need the “ApiKey” and the encrypted “RequestHash” of the uri in the header.

Sample PHP call:

// get your own user profile
$timestamp = time();
$requestHash = hash_hmac('sha256',$timestamp.'/api/v1/user', YOUR_API_SECRET, false);

// init curl
$ch = curl_init();

// set headers
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'ApiKey: '. YOUR_API_KEY,
    'RequestHash: '. $requestHash,
    'Timestamp: '. $timestamp

// set URL
curl_setopt($ch, CURLOPT_URL, 'https://DOMAIN/api/v1/user'); 

$response = curl_exec($ch);